policy/protocols/ssh/geo-data.zeek

SSH

Geodata based detections for SSH analysis.

Namespace

SSH

Imports

base/frameworks/notice, base/protocols/ssh

Summary

Runtime Options

SSH::watched_countries: set &redef

The set of countries for which you’d like to generate notices upon successful login.

Redefinitions

Notice::Type: enum	SSH::Watched_Country_Login: If an SSH login is seen to or from a “watched” country based on the SSH::watched_countries variable then this notice will be generated.
SSH::Info: record	New Fields SSH::Info remote_location: geo_location &log &optional Add geographic data related to the “remote” host of the connection.

Detailed Interface

Runtime Options

SSH::watched_countries

Type

set [string]

Attributes

&redef

Default

{
   "RO"
}

The set of countries for which you’d like to generate notices upon successful login.